REMARKS

Claims 1, 5-6, 8-12, 16-17, 19-23, and 25-30 are pending in the Application and are now 
presented for examination. Claims 1, 5, 10-12, 16, 21-23 and 25-26 have been amended. Claims 
2-4, 7, 13-15, 18 and 24 have been cancelled without prejudice and without disclaimer of subject 
matter. New Claims 27-30 have been added. Support for new Claims 27-30 may be found at 
least on page 16, lines 12-22 of the specification. No new matter has been added. 

Claims 1, 10, 12, 21, 23, 25 and 26 are independent. 

On page 2 of the Office Action, Claims 1, 4-9, 12, 15-20, 23 and 25 are rejected under 35 
U.S.C. § 103(a) as being unpatentable over United States Patent No. 7,243,148, issued to Keir et 
al. ("Keir") in view of United States Patent No. 5,944,825, issued to Bellemore et al. 
("Bellemore"). As an initial matter, Claims 4, 7, 15 and 18 have been cancelled, rendering the 
rejection in connection with these claims moot. 

Independent Claim 1 has been amended to more clearly recite the feature of determining 
a security vulnerability score, where the security vulnerability score is defined as "a product of a 
frequency score, a severity score, a criticality score, and a trust score, the frequency score based
on a percentage of hosts experiencing the detected security vulnerability in the system and the 
criticality score based on whether at least one of confidential data and personal data is on the 
system and whether information on the element is used for aggregation." As this feature is not 
disclosed in Keir or Bellemore, either standing alone or in combination, Applicants believe 
amended independent Claim 1 is in condition for allowance. Applicants respectfully request this 
rejection be withdrawn. 

The Office Action characterizes Keir as teaching every element of Independent Claim 1
as originally presented, with the exception of determining a time to fix the security vulnerability 
identified by the security vulnerability assessment. The Office Action relies upon Bellemore to 
teach this feature. Independent Claim 1 has been amended to recite precisely how the security 
vulnerability score is determined. Specifically, the security vulnerability score is the product 
resulting from multiplying a frequency score, a severity score, a criticality score, and a trust 
score together. Neither Keir nor Bellemore teach or suggest this feature. 

Keir teaches a security score determined according to the equation F=100-V-E, where F 
is the security or "FoundScore," V is the "Vulnerability Loss" and E is the "Exposure Loss." 
See Keir, col. 64, lines 14-26. The Vulnerability Loss is further defined according to the 
equation: 

V = min(70, (10 V_h H_h + 42 V_m H_m + U V_l H_l) / H_n). See Keir, col. 64, lines 27-50.
Clearly, Keir does not disclose a security vulnerability score that is the product of a frequency 
score, a severity score, a criticality score, and a trust score. 

During an interview with the Examiner on June 24, 2008, Applicants' attorney presented 
and discussed proposed amended claims. The Examiner inquired about the meaning of a "trust 
score" and Applicants' attorney directed the Examiner to page 16 of the specification and to new
dependent Claims 28 and 30. The Examiner recommended merging dependent Claims 2 and 3 
into Independent Claim 1, thereby further clarifying the meaning of the "frequency score" and 
the "criticality score." As these features are not taught or suggested by Keir or Bellemore, 
Applicants have adhered to the Examiner's advice and have amended independent Claim 1 
accordingly. Because none of the cited references, whether considered alone or in combination, 
teach or suggest each and every element of amended independent Claim 1, Applicants believe
independent Claim 1 is in condition for allowance and request that the rejection to this claim be
withdrawn.

Independent Claims 12, 23 and 25 have been amended in a similar manner as 
independent Claim 1, therefore Applicants submit that the arguments presented with respect to 
Claim 1 apply equally to Claims 12, 23 and 25. Specifically, amended Claims 12, 23 and 25 
recite the feature where the security vulnerability score is defined as a product of a frequency 
score, a severity score, a criticality score, and a trust score. Thus, Applicants believe 
independent Claims 12, 23 and 25 are also in condition for allowance. The withdrawal of these 
rejections is earnestly solicited. 

On page 4 of the Office Action, Claims 2-3, 10-11, 13, 14, 21-22, 24 and 26 are rejected 
under 35 U.S.C. § 103(a) as being unpatentable over Keir in view of Bellemore and further in 
view of United States Patent Publication No. 2004/0006704, to Dahlstrom et al. ("Dahlstrom").
Claims 2-3, 13, 14 and 24 have been cancelled, rendering the rejection in connection with these 
claims moot. 

Independent Claims 10, 21 and 26 have been amended to recite the feature where the 
security vulnerability factor is "based upon the frequency of occurrence of the security 
vulnerability in the system, a criticality of an element in the system, a severity of the security 
vulnerability within the system, and isolation of the system." These features are not taught, 
disclosed or suggested by Keir, Bellemore, or Dahlstrom, either standing alone or in 
combination. Applicants therefore believe these claims are in condition for allowance and 
respectfully request these rejections be withdrawn. 

As discussed above, in relation to Independent Claim 1, neither Keir nor Bellemore teach,
disclose, or suggest a security vulnerability factor that is a product of a frequency score, a 
criticality score, a severity score, and a trust score. Independent Claim 10 is narrower in scope 
than Claim 1 as Claim 10 recites the actual function of the frequency score (i.e., the frequency of 
occurrence of the security vulnerability in the system), the criticality score (i.e., a criticality of an 
element in the system), the severity score (i.e., a severity of the security vulnerability within the 
system), and the trust score (i.e., isolation of the system), instead of classifying the functions by 
name. Dahlstrom also does not teach or suggest these features. Dahlstrom is directed to a 
process for determining a risk assessment of a security vulnerability based on the simplicity of 
exploiting the vulnerability, the popularity/probability of exploitation and an impact to an 
organization if exploited. See Dahlstrom, paragraph [0062]. None of the cited references teach, 
disclose or suggest the recited features. Thus, Applicants believe independent Claim 10 is also 
in condition for allowance. 

Independent Claims 21 and 26 have been amended in a similar manner as Independent 
Claim 10. Additionally, independent Claim 25 has been amended in a similar manner as 
independent Claim 1. Therefore, the arguments presented above in connection with Independent 
Claim 1 apply equally to Claim 25, and the arguments presented in connection with Claim 10 
apply equally to Claims 21 and 26. Applicants respectfully request the withdrawal of the 
rejections to these claims. 

Claims 5-6, 8-9, 11, 16-17, 19-20, 22 and 27-30 are each dependent either directly or 
indirectly from one or another of independent Claims 1, 10, 12 and 21, discussed above. These 
claims recite additional limitations which, in conformity with the features of their corresponding 
independent claim, are not disclosed or suggested by the art of record. The dependent claims are
therefore believed patentable. However, the individual reconsideration of the patentability of
each claim on its own merits is respectfully requested.

For all of the above reasons, the claim objections are believed to have been overcome 
placing Claims 1, 5-6, 8-12, 16-17, 19-23, and 25-30 in condition for allowance, and 
reconsideration and allowance thereof is respectfully requested. 

The Examiner is encouraged to telephone the undersigned to discuss any matter that 
would expedite allowance of the present application. 

The Commissioner is hereby authorized to credit overpayments or charge payment of any 
additional fees associated with this communication to Deposit Account No. 090457. 

Respectfully submitted, 

Date: July 9, 2008 By: /Alan M. Weisberg/ 

Alan M. Weisberg 
Reg. No.: 43,982 
Attorney for Applicant(s) 
Christopher & Weisberg, P. A. 
200 East Las Olas Boulevard, Suite 2040 
Fort Lauderdale, Florida 33301 
Customer No. 68786 
Tel: (954) 828-1488 
Fax: (954) 828-9122 
email: ptomail@cwiplaw.com 